I have Email datamodel that ships alongwith Splunk ES. It's in building status and it's accelerated too. How to troubleshoot it ?
Does it depends on any lookups ? after checking constraints, I can see macros and tags.. and no lookups.
Have you configured indexes for Email datamodel (It's in CIM app setup page). By default CIM datamodels will try to read data from all indexes, so as best practice it will be good to limit datamodel for required indexes only.
When I look at constraints, it has macro that has definition , index=NULL, I was suspecting that's the error.. so I had changed the constraint to index=* but it still doesn't work
You need to specify only those indexes which required for that datamodel, index=* will search all the indexes and due to that it takes long time to complete search and this will result in datamodel is in build state.
